- From: Julian Reschke <julian.reschke@gmx.de>
- Date: Thu, 21 Aug 2008 10:17:58 +0200
- To: Dan Winship <dan.winship@gmail.com>
- CC: ietf-http-wg@w3.org
Julian Reschke wrote:
>
> Dan Winship wrote:
>> Julian Reschke wrote:
>>> To be complete we would also need to cite the original spec
>>> (<http://www.netscape.com/newsref/std/cookie_spec.html>, 404s...). We
>>> already have three cookie-related references; enough is enough, isn't
>>> it?
>>
>> Well, but that one is more worth citing than some of the others, since
>> it's pretty much what people actually implement in practice.
>
> It's indirectly referenced through RFC2965, which now has an erratum
> pointing out the backup URL (thanks, Daniel) -- see
> <http://www.rfc-editor.org/errata_search.php?rfc=2965>.
>
>>> The currently proposed text is at:
>>> <http://www3.tools.ietf.org/wg/httpbis/trac/attachment/ticket/129/i129.diff>
>>>
>>
>> AFAIK, the problem is only with "Set-Cookie", not "Cookie". (There's no
>> need to send multiple Cookie headers; the spec says you're supposed to
>> include all of the cookies, semicolon-delimited, in a single Cookie
>> header.)
>
> OK, see
> <http://www3.tools.ietf.org/wg/httpbis/trac/attachment/ticket/129/i129.3.diff>.
> ...
For now, I have submitted the change, and closed the issue (see
<http://tools.ietf.org/wg/httpbis/trac/changeset/310>).
The new text now states:
Note: the "Set-Cookie" header as implemented in practice (as
opposed to how it is specified in [RFC2109]) can occur multiple
times, but does not use the list syntax, and thus cannot be
combined into a single line. (See Appendix A.2.3 of [Kri2001] for
details.) Also note that the Set-Cookie2 header specified in
[RFC2965] does not share this problem.
BR, Julian
Received on Thursday, 21 August 2008 08:18:52 UTC